alg.exe is trying to connect to the Internet, and MSCTF.dll hooked into by *.exe

First post. Since this is a general security questions and comments area, I’ll let it all out.

While some people seem to do fine without a firewall, getting one will only make you more aware of how badly you need one. With that said, the first thing I’d like to get some feedback on, how can an operating system be so ridiculously vulnerable in the first place? (not to talk about some admin shares enabled by default, and other little miracles). So, while some are happy with this disaster, I don’t really seem to get things right with a firewall either. I’m confident I’m using the best firewall, COMODO, yet, configuring it is more than a challenge, despite my trying my best. Even with things configured well, a legitimate application can be hijacked to connect for the malware. Defense is supposed to stop that from happening, right? Before asking a million questions on how to fill every tiny little hole in a system (cause I don’t think security is about locking all the doors while leaving the window open), I’d like to particularly try to address two issues I’m having currently.

alg.exe is trying desperately to send some data to the very same IP. “alg.exe is a safe application. You can safely allow this request” you say? SERIOUSLY? I don’t think so! I’m not using FTP, so I don’t see why my computer tries to connect with another one from California. So, alg tries to send data to someone? Great! I can disconnect and reconnect with a new IP, within a few seconds, the issue is back, so something on my PC must phone home. I had similar problems before, but it went away with blocking the request. Now, if I had had a rule allowing alg as a safe application, I wouldn’t even have noticed that something’s going on. In other words, for example if Firefox would have been hijacked, I wouldn’t even have noticed, since, as a browser, I had to make a rule for it. Talking about security… online security seems to be a joke from this perspective. Seriously. Oh, and I hear killing alg isn’t an option as my system relies on it for managing networking or something, so killing it potentially leaves me without a truly functional firewall? Is that true? If there’s such a thing as real security, please let me in on the secrets I don’t seem to know about.

Could this trouble with alg be caused by some malware on the computer that connects to the Internet through mine?

Another thing is, since there is a training mode for Defense+, I said to myself, let’s use it. MSCTF.dll is constantly being hooked into, no matter what app I start up. I even have a situation where an interface for a media player’s API seems to have started some application that got installed for my scanner. My computer has a mind of its own, it seems. Services run happily in the background hiding behind svchost.exe, anything could be happening, you would never even see, not even if you’d stare at your tasklist continuously. Everything seems to hook into everything, anything can start up anything.

Atop of all this, if I dare right-clicking an icon in Explorer, everything freezes up for a few seconds, and I don’t even know where to begin to look for a solution.

I’m tired of uncertainty and speculations. I need answers and solutions. Could you help please? Thanks a million!

The issue with alg.exe does disappear if I disconnect the other computer from the network, and does reappear with reconnecting it. All my questions remain open though.

Stopping alg.exe is easy.

Click START → RUN, enter SERVICES.MSC and press ENTER.

Double click the entry for APPLICATION LAYER GATEWAY (alg.exe), stop it and set it to MANUAL.

That’s the last you’ll see of that critter. :wink:
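The same stop-and-set-to-manual steps from an elevated PowerShell prompt, with two checks first, as an added example that is not part of the original posts. It assumes PowerShell 3.0 or later and the service short names `ALG` and `SharedAccess` (Internet Connection Sharing).

```powershell
# Added example, not from the thread. Assumes PowerShell 3.0+ run as administrator.
# ALG = Application Layer Gateway service, SharedAccess = Internet Connection Sharing.
$alg = Get-CimInstance Win32_Service -Filter "Name='ALG'"
if (-not $alg) { Write-Output 'ALG service is not installed.'; return }

# Check that the service points at the Windows binary and not a look-alike elsewhere.
$expected = Join-Path $env:SystemRoot 'System32\alg.exe'
$actual   = $alg.PathName.Trim('"')
if ($actual -ine $expected) {
    Write-Warning "Unexpected ALG binary path: $actual"
}

# Record the current state before changing anything.
'{0}: state={1}, start mode={2}, pid={3}' -f $alg.Name, $alg.State, $alg.StartMode, $alg.ProcessId

# ALG supports protocol plug-ins for ICS, so report whether ICS is in use.
$ics = Get-Service -Name SharedAccess -ErrorAction SilentlyContinue
if ($ics -and $ics.Status -eq 'Running') {
    Write-Warning 'ICS (SharedAccess) is running; ALG provides protocol plug-in support for it.'
}

# Equivalent of stopping the service in SERVICES.MSC and setting it to MANUAL.
Stop-Service -Name ALG
Set-Service  -Name ALG -StartupType Manual
Get-Service  -Name ALG | Select-Object Name, Status
```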

Yeay. Thanks for that info :-TU, might I add, if everybody would follow up with his 2 cents I would be a happy man (I know it’s a long post and we all live on 24H, but please !) So, alg.exe isn’t necessary. Great. ;D I could also kill it anytime, I was just afraid it would render the machine vulnerable. With that out of the way…

I would emphasise that I’m still baffled by everything hooking into everything in Windows, and there are still some questions open.

On top of all this, since today alg.exe seems to have given up trying, and now winlogon.exe is doing the same. “Hurray”… >:(

Edit: while I was disabling alg, I happened to read that it: “Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.” - that ain’t good, as I do use ICS, as I mentioned in the first post.